Behavioral task
behavioral1
Sample
dece4adf99e29edff4ef336fe6f7c40ffb90abd46514985ef86ef7c4fe5e94ed.exe
Resource
win10v2004-en-20220113
General
-
Target
dece4adf99e29edff4ef336fe6f7c40ffb90abd46514985ef86ef7c4fe5e94ed
-
Size
324KB
-
MD5
4b4e6ce587df768d5f3530aa8c2a3a75
-
SHA1
87169151f1c6b437966e5c54a683b3675d41af95
-
SHA256
dece4adf99e29edff4ef336fe6f7c40ffb90abd46514985ef86ef7c4fe5e94ed
-
SHA512
c060f9ce6594cfdd8043c16839bd6db65841b32288cffcec7fe21897611be76e0ae529d4668762478841d91ca6d4f74bbfbe109bb01ea3cfaaaeace1f47373db
-
SSDEEP
1536:KJdsLi7tBnI6eLK1hyuBaIeigUr2f1KVF9PlR:KJdsLi7tBnIf21hyOt46F9dR
Malware Config
Extracted
njrat
0.7d
HacKed
127.0.0.1:7776
Windows Update
-
reg_key
Windows Update
-
splitter
|'|'|
Signatures
-
Njrat family
Files
-
dece4adf99e29edff4ef336fe6f7c40ffb90abd46514985ef86ef7c4fe5e94ed.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Code Sign
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 58KB - Virtual size: 58KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 264KB - Virtual size: 264KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ